Cybersecurity Incident Responder
SquareDev
📍Athens, GR
Job Description
About SysteCom:
Together with SysteCom, we are members of the QnR Group. SysteCom is a leading technology provider committed to delivering innovative Cybersecurity & IT Infrastructure solutions and services to businesses of all sizes across various sectors. Our mission is to empower organizations with cutting-edge technology solutions that drive efficiency, productivity, and growth.
The position will be hired by SysteCom.
Role overview
We are looking for a Cybersecurity Incident Responder (Junior/Mid/Senior) to join our team and take an active role in defending infrastructure against evolving cyber threats. Across all levels, the role covers five core service domains: Incident and Alert Detection & Analysis, Incident Response and Mitigation, Incident Documentation and Reporting, Incident Coordination and Communication, and Digital Forensics and Evidence Handling.
Requirements
The ideal candidate will be responsible for:
JUNIOR
- Monitor security alerts for on-premises and cloud infrastructure and identify potential incidents and breaches.
- Assist cybersecurity incident responders and support the development of cyber defence tool content.
- Participate in preliminary incident triage and documentation.
- Escalate incidents and alerts to senior responders or teams as needed.
- Create additional correlation or monitoring content in the frame of an incident.
- Conduct initial analysis of security incidents to determine their nature and impact.
- Document incident details, actions taken, and results of initial analysis.
- Classify incidents based on severity and potential impact.
- Provide support for basic incident response actions such as isolating affected systems.
MID
- Independently conduct in-depth analysis of security incidents for on-premises and cloud infrastructure to identify root causes and potential mitigations.
- Create additional correlation, pivotal or monitoring content to support incident analysis and get updates on ongoing incidents.
- Coordinate incident response efforts within the Cybersecurity Operations Center and with other relevant teams.
- Collect and preserve digital evidence for forensic analysis.
- Prepare comprehensive incident reports for management and stakeholders.
SENIOR
- Integrate threat intelligence into incident analysis and response strategies.
- Perform threat hunting linked to incident analysis and response.
- Develop advanced correlation, pivotal or monitoring content to support threat hunting activities related to incidents.
- Contribute to building permanent detection rules in coordination with the detection engineering team.
- Analyse cybersecurity incident root causes and recommend and implement accurate countermeasures to prevent similar incidents from occurring across on-premises and cloud infrastructure.
- Conduct advanced digital forensics investigations to support incident response and potential legal proceedings.
- Develop and implement strategic incident response plans.
To excel in this role, you'll need:
- A Bachelor's degree or Master's degree in Cybersecurity, Computer Science, Information Technology, Networks or a closely related field is mandatory.
JUNIOR
- Basic incident detection — ability to recognise and report common security events and anomalies across on-premises and cloud environments.
- Team collaboration and communication skills to assist senior responders.
- Security tools familiarity — understanding of security monitoring tools and their use.
- Incident triage — ability to assist in the initial assessment and classification of incidents.
- Incident analysis — analytical skills to determine the nature and impact of incidents.
- Documentation — comfortable documenting incident details and actions taken.
- Incident response assistance — ability to support basic response actions.
- Basic cybersecurity concepts, principles and terminologies including basic cloud computing (e.g. AWS, Azure).
- Incident reporting — how to document and report incidents.
- Security incident classification — how to classify incidents by severity and potential impact.
- Security tools operation — familiarity with operating security tools for monitoring and analysis.
MID
- At least 3 years of experience.
- Advanced incident analysis — proficiency in conducting in-depth analysis of security incidents for on-premises and cloud environments.
- Monitoring content development — ability to develop correlation or monitoring content for security tools.
- Incident coordination — ability to coordinate incident response within the SOC and with other teams.
- Forensic data collection — enhanced ability to collect and preserve digital evidence from various operating systems.
- Incident reporting — ability to prepare comprehensive incident reports for management and stakeholders.
- Threat intelligence integration — knowledge of integrating threat intelligence into incident analysis and response strategies.
- Advanced forensic analysis — understanding of advanced digital forensics techniques.
- Incident response planning and strategy development.
- Legal and regulatory compliance — awareness of legal and regulatory requirements for incident response.
- Security monitoring content development — proficiency with security tools and ability to develop monitoring content.
- Very good understanding of cloud computing concepts and platforms (e.g. AWS, Azure).
SENIOR
- At least 6 years of experience.
- Advanced threat intelligence analysis — advanced capability in analysing and leveraging threat intelligence for incident response.
- Threat hunting — solid capability in performing threat hunting across on-premises and cloud environments.
- Legal and regulatory expertise — expert-level understanding of legal and regulatory compliance requirements.
- Crisis communication — ability to effectively communicate with stakeholders during high-stress incidents.
- Incident response strategy development — expertise in developing and implementing strategic incident response plans.
- IR policy and governance — knowledge of policies and governance frameworks related to incident response.
- Threat landscape — specialised knowledge of the organisation's threat landscape and specific cyber threats.
- Expert-level knowledge of cybersecurity principles, threats and technologies.
- Global threat landscape awareness — in-depth understanding of global cyber threats and emerging trends.
- Cybersecurity governance frameworks and best practices.
- Proficient knowledge of cloud computing concepts and platforms (e.g. AWS, Azure).
Certifications
At least one certification in cybersecurity and at least one in incident response, computer forensics, product-specific training or an equivalent are mandatory for the mid and senior roles, e.g.:
Cybersecurity:
GIAC Security Essentials Certification (GSEC), Certified Information Systems Security Professional (CISSP), CompTIA Security+, CSX Cybersecurity Practitioner (CSX-P), etc.
Incident Response / Computer Forensics:
GIAC Certified Incident Handler (GCIH), GIAC Certified Forensic Analyst (GCFA), EC-Council Certified Incident Handler (ECIH), Product-specific training: EDR platforms (e.g. Carbon Black), SOAR platforms (e.g. XSOAR), or equivalent, etc.
Details
- Department: Consulting
- Work Type: hybrid
- Locations: Athens, GR
- Posted: March 18, 2026
- Source: workable